Crash in vLinearTransform_8to16Q12_vec

RESOLVED DUPLICATE of bug 1395708

Severity: critical
Reporter: marcia
Assignee: Unassigned
Keywords: crash
Version: Trunk
Platform: Unspecified, Mac OS X
Firefox Tracking Flags: firefox57 affected

This bug was filed from the Socorro interface and is report bp-b6870fda-3ee6-41aa-8587-47afc0170828.
=============================================================

Mac specific 10.11 crash that seems to have some stylo source affected: http://bit.ly/2wf85In. Started with 20170827100428. 8 installs/8 crashes.

Please retarget if it is not stylo specific.

I looked at this a bit and discussed with spohl.

What's happening here is that the parallel stylo traversal is calling into OSX widget code. This initially had me worried that somehow calling into this API OMT was a problem, but spohl said colorUsingColorSpaceName should be thread-safe. And even if it weren't, we mutex all calls into OS widget code, so it would only be a problem if the platform API were using TLS, which is even less likely.

I've looked at the callsites, and it seems that whatever the style code is passing to NativeGetColor, only known constant values will be passed to the system API: http://searchfox.org/mozilla-central/rev/cd82cacec2cf734768827ff85ba2dba90a534c5e/widget/cocoa/nsLookAndFeel.mm#65

According to spohl, the most likely reason for a crash like this would be the SDK mismatches we're dealing with in bug 1324892.

Moving to the cocoa component for now. Marcia, please let us know if the crash rises to worrisome levels.

Component: CSS Parsing and Computation → Widget: Cocoa
Depends on: 1324892
Summary: stylo: Crash in vLinearTransform_8to16Q12_vec → Crash in vLinearTransform_8to16Q12_vec

Adding another 10.11 signature I spotted today in crash stats - 12 crashes/8 installs.

Crash Signature: [@ vLinearTransform_8to16Q12_vec] → [@ vLinearTransform_8to16Q12_vec] [@ vRotate_90_Planar_UInt8]
See Also: → bug 1395708

fbertsch said on Slack that he hits this crash signature very frequently when searching Amazon.com on OS X 10.11. I can't reproduce on macOS 10.12.

Example URL:
https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=test&rh=i%3Aaps%2Ck%3Atest

(In reply to Chris Peterson [:cpeterson] from comment #3)
> fbertsch said on Slack that he hits this crash signature very frequently
> when searching Amazon.com on OS X 10.11. I can't reproduce on macOS 10.12.
> 
> Example URL:
> https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=test&rh=i%3Aaps%2Ck%3Atest

Note that the current theory is that this is related to stack overflow. Need ted to perform the analysis requested in bug 1394878 comment 4 to confirm that theory and answer a few questions before moving forward.

Depends on: 1395708
No longer depends on: 1324892

Looks like the crashes stopped when the code for bug 1395708 landed.

Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1395708